Search Results (6950 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0898 1 Futomi 1 Mp Form Mail Cgi 2025-04-12 N/A
futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors.
CVE-2016-3153 2 Debian, Spip 2 Debian Linux, Spip 2025-04-12 N/A
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
CVE-2015-3446 1 Alienvault 1 Unified Security Management 2025-04-12 N/A
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
CVE-2015-5721 1 Misp-project 1 Malware Information Sharing Platform 2025-04-12 N/A
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
CVE-2016-1413 1 Cisco 1 Secure Firewall Management Center 2025-04-12 N/A
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.
CVE-2014-9266 1 Samsung 1 Smart Viewer 2025-04-12 N/A
The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-2639 1 Hp 1 Mpio Device Specific Module Manager 2025-04-12 N/A
Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.
CVE-2014-5297 1 X2engine 1 X2engine 2025-04-12 N/A
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.
CVE-2014-7226 1 Rejetto 1 Http File Server 2025-04-12 N/A
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
CVE-2014-7235 2 Freepbx, Sangoma 2 Freepbx, Freepbx 2025-04-12 N/A
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
CVE-2015-1597 1 Siemens 1 Spcanywhere 2025-04-12 N/A
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.
CVE-2006-1318 1 Microsoft 1 Office 2025-04-12 N/A
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."
CVE-2016-7966 4 Debian, Fedoraproject, Kde and 1 more 4 Debian Linux, Fedora, Kmail and 1 more 2025-04-12 N/A
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
CVE-2016-10072 1 Wampserver 1 Wampserver 2025-04-12 5.3 Medium
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
CVE-2013-0210 1 Theforeman 1 Foreman 2025-04-12 N/A
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
CVE-2012-5649 1 Apache 1 Couchdb 2025-04-12 N/A
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
CVE-2013-1412 1 Dleviet 1 Datalife Engine 2025-04-12 N/A
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
CVE-2013-1756 2 Mark Evans, Ruby On Rails 2 Dragonfly Gem, Ruby On Rails 2025-04-12 N/A
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
CVE-2014-3545 1 Moodle 1 Moodle 2025-04-12 N/A
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
CVE-2012-6143 1 Ingy 1 Spoon 2025-04-12 N/A
Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.